Hi,
Phone-support suggested I post this question here, in order to get an answer from Sys Ops/Admin @ Sonic.
I have a Static/29 allocated from Sonic.
I run my own DNS server; fwiw, it's ISC BIND 9.9.2.
RDNS for my /29 has been delegated to my nameserver.
I've now DNSSEC-signed my DNS zones. The next step is to get my DS records submitted 'upstream'.
I'd ideally like to do that using DNSSEC automation tools such as those included in BIND9 or OpenDNSSEC.
My current registrar -- Namecheap/eNom -- does not currently support DNSSEC.
One option to do so is to switch registrars to GoDaddy, which supports DNSSEC key submission, but only (iiuc) automation when using their DNS Management, NOT my own as I currently do. And, I'm personally not a fan of GoDaddy. I.e., the solution's NOT ideal.
An additional option is to use ArinOnline's automated tool for DNSSEC submission:
However ... on that same page, I was directed to:
My question, hence, is can/will Sonic do this, and, if so, what's the next step down that path?
And, no, I'm not convinced I've gotten all the details straight ...
Thanks,
Richard
Phone-support suggested I post this question here, in order to get an answer from Sys Ops/Admin @ Sonic.
I have a Static/29 allocated from Sonic.
I run my own DNS server; fwiw, it's ISC BIND 9.9.2.
RDNS for my /29 has been delegated to my nameserver.
I've now DNSSEC-signed my DNS zones. The next step is to get my DS records submitted 'upstream'.
I'd ideally like to do that using DNSSEC automation tools such as those included in BIND9 or OpenDNSSEC.
My current registrar -- Namecheap/eNom -- does not currently support DNSSEC.
One option to do so is to switch registrars to GoDaddy, which supports DNSSEC key submission, but only (iiuc) automation when using their DNS Management, NOT my own as I currently do. And, I'm personally not a fan of GoDaddy. I.e., the solution's NOT ideal.
An additional option is to use ArinOnline's automated tool for DNSSEC submission:
After creating the required ArinOnline account for my Organization & its various PointsOfContact, I've learned in a phone call with Arin Tech Support that those tools are only availble directly to end-users from Arin if MY allocation is >= /24 AND my ISP's allocation is <= /16. That's obviously not the case.@ https://www.arin.net/resources/dnssec/
...
Reverse DNS and DNSSEC Management at ARIN
ARIN provides delegation management tools to individually manage reverse DNS within IPv4 and IPv6 networks once your zones are DNSSEC-enabled. ARIN members may choose to DNSSEC-enable their reverse zones by submitting Delegation Signer (DS) Records to ARIN.
...
However ... on that same page, I was directed to:
As I understand it, Sonic can 'share authority' for my allocated IP space, enabling me to piggyback on its direct ARIN relationship to use the ARIN DNSSEC tools/API for automated submission of my DNSSEC DS-records.@ https://www.arin.net/resources/dnssec/
...
Shared Authority
When ARIN-issued IP address space is reassigned by an organization to their customer, both parties may manage DNS for that space via Shared Whois Project (SWIP). Organizations with authority over a delegation are listed in the Authorized Organizations column.
Note: If your organization’s customers are disconnected from you, it is imperative that you protect your records by promptly removing any SWIPs to them, thus severing their shared authority rights for your reverse zones.
...
My question, hence, is can/will Sonic do this, and, if so, what's the next step down that path?
And, no, I'm not convinced I've gotten all the details straight ...
Thanks,
Richard
